|
|
| David Larochelle, David Evans. |
| USENIX Security Symposium, August 2001 |
| English.HTML English.PDF |
| ¨This paper presents a new approach to mitigating buffer overflow vulnerabilities by detecting likely vulnerabilities through an analysis of the program source code. Our approach exploits information provided in semantic comments and uses lightweight and efficient static analyses.¨ |
| Buffer Overflows: Attacks and Defenses for the Vulnerability of the Decade |
| Crispin Cowan, Perry Wagle, Calton Pu,Steve Beattie,Jonathan Walpole |
| http://www.cse.ogi.edu/DISC/projects/immunix/ , 1999 |
| . |
| ProPolice: Protecting from stack-smashing attacks |
| Hiroaki Etoh and Kunikazu Yoda |
| IBM Research Division, Tokyo Research Laboratory, June 19, 2000 |
| - |
| It is a GCC extension for protecting applications from stack-smashing attacks. Applications written in C will be protected by the method that automatically inserts protection code into an application at compilation time. The protection is realized by buffer overflow detection and the variable reordering feature to avoid the corruption of pointers |
| A First Step Towards Automated Detection of Buffer Overrun Vulnerabilities |
| D. Wagner, J. Foster, E. Brewer, and A. Aiken (UC Berkeley) |
| http://www.cs.berkeley.edu/~aiken/publications/papers/netsec00.ps |
| PostScript |
| Automatic Detection and Prevention of Buffer-Overflow Attacks |
|
Crispin Cowan, Calton Pu, David Maier, Heather Hinton, Peat Bakke, Steve
Beattie, Aaron Grier, Perry
Wagle, and Qian Zhang |
| 7th USENIX Security Symposium, San Antonio,TX, January 1998 |
| Protecting Systems from Stack Smashing Attacks with StackGuard |
| Crispin Cowan, Steve Beattie, Ryan Finnin Day, Calton Pu, Perry Wagle, and Erik Walthinsen |
| Linux Expo, Raleigh, NC, May 1999 |
| PDFPostScript(gz) |
| Libsafe: Protecting Critical Elements of Stacks |
| Arash Baratloo, Timothy Tsai and Navjot Singh |
| Bell Labs, Lucent Technologies, December 1999 |
| . |
|
|
| Gary McGraw and John Viega [RST] |
| IBM, March 2000 |
|
|
| Gary McGraw and John Viega [RST] |
| IBM, March 2000 |
| URL (wrong pdf file) HTML |
| - |
| Make your
software behave:
Preventing buffer overflows Protect your code through defensive programming |
| Gary McGraw and John Viega [RST] |
| IBM, March 2000 |
| PDF HTML |
| - |
Bypassing.
| Defeating Solar Designer's Non-executable Stack Patch |
| Rafal Wojtczuk |
| January 1998 |
| HTML |
| Defeating Solaris/Sparc Non Executable Stack Protection |
| John McDonald |
| March 1999 |
| HTML |
| Bypassing Stackguard and Stackshield. |
| Bulba and Kil3r |
| Phrack Magazine 56(5),May 2000 |
| EnglishEspañol |
| StackGuard Mechanism: Emsi's Vulnerability |
| Mariusz Woloszyn |
| HTML |
| . |